Max CVSS | 4.9 | Min CVSS | 4.9 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2014-5251 | 4.9 |
The MySQL token driver in OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 stores timestamps with the incorrect precision, which causes the expiration comparison for tokens to fail and allows remote authenticated users
|
10-10-2014 - 05:23 | 25-08-2014 - 14:55 | |
CVE-2014-5252 | 4.9 |
The V3 API in OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 updates the issued_at value for UUID v2 tokens, which allows remote authenticated users to bypass the token expiration and retain access via a verification
|
10-10-2014 - 05:23 | 25-08-2014 - 14:55 | |
CVE-2014-5253 | 4.9 |
OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 does not properly revoke tokens when a domain is invalidated, which allows remote authenticated users to retain access via a domain-scoped token for that domain.
|
10-10-2014 - 05:23 | 25-08-2014 - 14:55 |